PM Malcolm Turnbull has made it very clear that the failed census site shouldn't have happened

After the census site failed and was taken down on Tuesday night, Malcolm Turnbull said it shouldn't have happened and is not happy about it.

August 11th 2016


A joint press conference with Small Business Minister Michael McCormack and Australian Statistician David Kalisch at Parliament House, Canberra. Picture: Ray Strange. Source: News Corp Australia

THE head of the Australian Bureau of Statistics has apologised for the Census debacle, but says the data is “safe and secure”.

Chief statistician David Kalisch told reporters in Canberra this afternoon the integrity of the Census was of “paramount importance” to the ABS and that the personal data of Australians had not been compromised.

David Kalisch and the Census 2016 program manager Duncan Young leave today’s media conference at the Australian Bureau of Statistics headquarters in Canberra. Picture: Ray Strange. Source: News Corp Australia

Reading from a prepared statement, Mr Kalisch said a high quality census was critical for the accurate distribution of government funding.

The Census was finally back up and running today after an embarrassing fail as Malcolm Turnbull said heads would roll over the bungle.

The ABS announced its website was once again operating shortly after 3pm.

Many Australians took to social media to celebrate the fact that the Census was working, but not everyone is having success, suggesting some issues may still be at play.

Prime Minister Malcolm Turnbull has foreshadowed sackings as a result of the Census failure, saying he was personally “very angry” and there would be “serious consequences” after the review.

Mr Turnbull has laid blame squarely on the Australian Bureau of Statistics and contractor IBM, saying measures that should have been in place to prevent an “inevitable” denial of service attack were not implemented.

“This has been a failure of the ABS. We have inconvenienced or the ABS has inconvenienced millions of Australians,” he said.

“It shouldn’t have happened. I am not happy about it. None of us are. We are very disappointed.”

Mr Turnbull said the Australian Signals Directorate has been tasked to investigate and rectify the problem. He said the site should be restored today.

He said to date 2.3 million forms have been completed online, with a further 3.7 million forms currently with households or on their way there.

He said the ABS believed in total about 10 million forms would need to be completed.

When asked who was behind the denial of service attack he said it appeared it had come from the US. But he said this did not mean US citizens or entities were behind the attack, noting it was “relatively straightforward” to route internet traffic through America.

He said the website was “tooled up” to deal with up to 260 forms per second.

He said the highest rate reached was 150 forms per second.

Earlier Mr Turnbull said the whole fiasco was a failure.

“That was a failure,” he told 2GB.

“That was compounded by some failures in hardware, some technical hardware failures and inadequate redundancy.

“Now, these failures have been rectified at my direction, the Government’s direction, under the supervision of the Australian Signals Directorate.”

Mr Turnbull said there were clearly “very big issues” for the systems provider IBM and the ABS.

“IBM has done this before, but there has clearly been a failure in the work that was done,” he said.

“A denial of service attack is as predictable for a site like this as the rain will fall one day or the sun will come up in the morning.”

Mr Turnbull said both agencies had had plenty of time to get the Census right, saying IBM’s contract was awarded in late 2014.

Asked whether those found to be responsible would be fired, Mr Turnbull said there would be “very serious consequences” after a review by the Government’s cyber security advisor Alastair MacGibbon.

“The review, and which heads will roll where and when is something that will follow,” he said.

The Prime Minister posted a Tweet at 7.17pm on Census night stating how easy the form was to complete.

He said he was not told the ABS had been investigating multiple denial of service attacks since about 10am the same day until he received a phone call from Small Business Minister Michael McCormack at 8.30pm.

Mr Turnbull said his calm demeanour was disguising the fact he was “very angry” about the Census failure.

He said it was expected the website would be back up and running today.

His comments come after Mr MacGibbon said the talk of privacy surrounding Census data made it a target.

“There was a lot of conjecture around the security and the preparation around this site, so it had a big birthmark on it that was shaped like a target,” Mr MacGibbon told Sky News.

Opposition Leader Bill Shorten said the Census bungle is not the fault of some middle-level public servant. Picture: Kym Smith. Source: News Corp Australia

Treasurer Scott Morrison has moved to put some of the responsibility for the Census failure onto Labor, pointing out that it was under their watch the decision to predominately use online forms was made.

“Now, the decision to move to an e-census was taken back in 2011,” he said.

“It was taken by the ABS at that time under the previous Government, and indeed, in the 2013-14 Budget, it was actually the previous government that put aside the appropriations, bringing forward appropriations to provide both the capital and recurrent funding that was needed to action that e-census decision that was taken by that previous Government.

“And we, in supporting the ABS since 2013 in that election, continued to implement those plans.”

Mr Morrison said the result on Census night was “completely unsatisfactory” and had made the Government “damn angry”.

PRIVACY COMMISSIONER VOWS TO PROTECT PRIVACY

Australian Privacy Commissioner Timothy Pilgrim, who yesterday launched an investigation into the census fail, has said the incident will now be the subject of a broader review led by the Prime Minister’s Cyber-Security Adviser, Alastair MacGibbon. He said he has discussed with Mr MacGibbon how their offices will work together.

“My Office will also continue to work with the ABS to ensure they are continuing to take appropriate steps to protect the personal information collected through the Census,” Pilgrim said.

EXPERTS WARN CENSUS CAN’T BE TRUSTED

Computer security experts dismissed the government’s explanation for the census failure as unlikely and warned the data gathered in the census could not be trusted.

Today, 36 hours later, the census server is still down, with no explanation for the long delay before it can be rebooted.

Australian company Revolution IT, which was paid $470,000 to ensure the IBM-built $9.6 million census servers hosted at Baulkham Hills, Sydney, would cope with the load of census night traffic, has defended its work.

Revolution IT director Hamish Leighton said the problem with the Census server was not a “performance” issue; rather, the system was taken offline as a deliberate strategy by the ABS in dealing with a DDoS attempt.

Mr Leighton said the company was contracted to ensure the system could handle the expected load of 260 submissions a second, and in testing found it could handle an average sustained peak of 350 submissions a second, peaking at up to 400 submissions.

“All that testing went very well,” Mr Leighton said.

The ABS Australian Census website outage apology on the night the website was shut down. Picture: Supplied. Source: Supplied

“What has happened in this case is a level of traffic that’s put through that was way, way above what would make a site usable.”

Mr Leighton said protecting against a denial of service attack was a security issue rather than a performance issue. He said he became aware of the problem when he tried to submit his Census form last night online and got the server error message from the ABS along with millions of other frustrated Australians.

Despite the failure of the census servers, Mr Leighton said this could still be a “showcase” for his company’s services.

“There wasn’t a performance issue so if we can get beyond that then what we managed to achieve is quite phenomenal,” he said.

Professor Alfred Poulos is among the millions of unlucky Aussies who couldn't do their census last night. He feared being fined. Picture: Tim Carrafa. Source: News Corp Australia

Prior to Census night, an ABS spokesman said the server could handle one million form submissions every hour, which was twice the capacity needed. However, security experts believe the site might simply have been swamped when 4 million or 5 million, or more, Australians all sat down after dinner and tried to lodge their Census.

Dr Mark Gregory, a networking and telecommunications expert from RMIT University, said a more likely explanation for the failure than the government’s DDoS account was that the system was not built to cope with the traffic of millions of Australians filling out their forms at the same time.

“If you’ve got a system designed for 500,000 and all of a sudden four or five million Australians are going to use that at the same time, that is going to look like a denial of service attack,” he said.

Dr Gregory said the frustration of dealing with an overloaded server, as people continued to hit refresh, would just add to the problem.

ABS chief statistician David Kalisch yesterday said there had been two “attacks” before 3pm. The government says the first attack came at 10.09am, and a second one came at 11.50am. Two further attacks came in the afternoon before the ABS shut down the servers at 7.45pm.

When the public tried to connect to the Census server, they were told it was busy; the explanation that it had been deliberately taken offline was given only the following day. The only indication that the problem was not temporary came at 10.59pm, when the ABS tweeted that the website would not be restored that night.

The Australian Census minister Michael McCormack yesterday said the Census servers were not attacked but there were “attempts” of a DDoS attack. Mr McCormack’s own website was taken down late yesterday following an apparent hack, with someone adding the words “gay sex” to his website.

The prime minister’s adviser on cyber security, Alastair MacGibbon, said at the time of the attacks most of the traffic was coming from the United States. A survey last year revealed that 16 per cent of Australians regularly use a virtual private network to hide their real location, with many set up to show they are in the United States so they can access online services available there.

Early yesterday, theories on who was behind the Census attack ranged from the hacking group PoodleCorp to Chinese sports fans, with Melbourne University cyber security expert Suelette Dreyfus citing upset over Olympic swimmer Mack Horton’s sledging of Sun Yang as a possible reason.

Dan Slattery, senior information security analyst at Webroot, said there was speculation that the attack was by hacktivists protesting the ABS’s decision to collect and save personally identifiable information alongside the census for the first time.

“There were worries that there may be a data breach and this information will become public or used for malicious purposes,” he said.

“The ABS have reported 14 separate data breaches since 2013.”

But as details emerged, several computer experts cast doubt on the DDoS explanation, pointing to a lack of evidence of an overseas attack.

The Digital Attack Map, a tool created by Google and security firm Arbor Networks, does not show any DDoS attacks on Australia to support the government claim.

Dr Gregory said the government “would need to provide hard evidence” for their DDoS explanation to be believable.

Australian computer science pioneer Roger Riordan, who days before the Census publicly predicted “total chaos” when millions of Australians tried to fill out their Census forms online simultaneously, yesterday called the government’s explanation unbelievable.

Dr Gregory called the online census system a “trainwreck from the beginning”.

Alastair MacGibbon on Census failure

Special Advisor to the Prime Minister on Cyber Security, Alastair MacGibbon, explains what happened with the denial of service in the 2016 Census

August 10th 2016


“The system was woefully underpowered,” Dr Gregory said.

“The system was a target from the beginning. Managers were literally daring hackers to attack them.

“The data now cannot be trusted. If you’re in a web page and you’re filling out a form, once you hit the go button you think that the data has gone and it’s being sent. But if the server is currently under attack from a denial of service, your data may have gotten through or it may not have gotten through or half of it may have gotten through. There can be no confidence in this data set.”

“I don’t trust anything that this lot is saying.”

Troy Hunt, one of the world’s foremost experts on data breaches, said the most likely explanation is that the ABS was just not prepared properly.

“We need to see much more tangible information from the ABS in order to understand exactly what went wrong — and even they may not know at this time,” he said.

“The real question is did the ABS have what we would reasonably consider sufficient scale?

“Based on the attack maps we are seeing, it is unlikely that it was some sort of unprecedented scale. I think that the more likely explanation is that they just simply weren’t prepared.

“This is probably not a large attack, it’s probably a smaller attack if it was an attack at all.”